A conventional processing system may include hardware resources, such as a central processing unit (CPU) and random access memory (RAM), as well as software resources, such as an operating system (OS) and one or more end-user programs or applications. An application is typically developed to run on a particular OS. When a typical conventional computer system is started, it loads the OS before loading the end-user programs or applications. The OS typically serves as an intermediary between software applications and the hardware in a processing system.
In addition to RAM and one or more CPUs, a processing system may include a trusted platform module (TPM). A TPM is a hardware component that resides within a processing system and provides various facilities and services for enhancing the security of the processing system. For example, a TPM may be used to protect data and to attest to the configuration of a platform. The sub-components of a TPM may include an execution engine and secure non-volatile (NV) memory or storage. The secure NV memory is used to store sensitive information, such as encryption keys, and the execution engine protects the sensitive information according to the security policies to be implemented by the TPM.
A TPM may be implemented in accordance with specifications such as the Trusted Computing Group (TCG) TPM Specification Version 1.2, dated Oct. 2, 2003 (hereinafter the “TPM specification”), which includes parts such as Design Principles, Structures of the TPM, and TPM Commands. The TPM specification is published by the TCG and is available from the Internet at www.trustedcomputinggroup.org/home.
In general, a TCG-compliant TPM provides security services such as attesting to the identity and/or integrity of the platform, based on characteristics of the platform. The platform characteristics typically considered by a TPM include hardware components of the platform, such as the processor(s) and chipset, as well as the software residing in the platform, such as the firmware and OS. A TPM may also support auditing and logging of software processes, as well as verification of platform boot integrity, file integrity, and software licensing. It may therefore be said that a TPM provides a root of trust for a platform. Accordingly, a third party may implement security policies which require requesting systems to provide TPM-based platform attestation. For instance, the third party may configure a server to deny client requests unless those requests are accompanied by valid, TPM-based platform attestation from the client systems.
When a conventional processing system uses a TPM, however, that processing system may be able to support only one software environment at a time.
Recently, Intel Corporation began developing technology for providing multiple independent software environments inside a single processing system. For instance, technology developed by Intel Corporation includes features for partitioning and managing a processing system's hardware resources in a way that allows multiple OSs to execute on the same machine concurrently, with each OS operating substantially as if it were in its own independent physical machine. In such a processing system, each OS may operate within a substantially independent software environment. Such independent environments may be referred to as partitions or virtual machines (VMs).